
List:       ntop
Subject:    RE: [Ntop] 802.11a & 802.11b support?
From:       "Burton M. Strauss III" <Burton () ntopsupport ! com>
Date:       2002-05-30 15:00:34
Message-ID: JIEPJGFPFMFIGBNCPKGGGEHFCIAA.Burton () ntopsupport ! com

Suggestion:

Why don't you (Dave) try it...

First, simply fire up ntop with the wireless card and see what happens.  If
the card truly supports promiscuous mode, you should see data (remember,
some allow the setting and say they're in promisc mode, but don't get the
packets out of the base band layer because they're not addressed to the
card).  If it doesn't, you'll only see your own traffic.

Second, look at AirSnort and do the following:

   1.  Figure out - if you put the NIC into monitor mode - how ntop will see
packets.  The basic question is "is there a physical frame type difference
such that you can set the header length so the rest of ntop sees just the
Ethernet portion of the packet" (i.e. like FDDI and RAW and PPP do in the
code now).

   2.  Assuming you get out of #1, alive, then you can begin to write code
to analyze the 802.11a/b headers.

What I'd *like* to see is that an 802.11a/b interface is treated normally by
ntop unless the user has put the NIC into monitor mode, whereupon it
automatically (via frame type detection) enables the extra analysis.  If it
doesn't work totally transparently, then I'd be greatly concerned.

If we have to make ntop too dependent upon AirSnort/Kismet type behavior,
then I'm concerned also.  Let's face it, those tools are aimed at a much
more technical crowd than ntop is... I'd really be leery of incorporating
those kind of system level/detailed knowledge issues into ntop.

-----Burton



Background:


As I said buried in my note yesterday, there are two questions...  let me
try and phrase them better...

1. Whether the card driver provides access to the raw 802.11a/b frame or
just the Ethernet contents.

2. Whether promiscuous mode works.

The answer for #1 appears to be NO, it's only the Ethernet contents.
Although it appears to be possible - for some cards - with some difficulty.

Extracting info from the AirSnort changes page,
http://airsnort.shmoo.com/Changesv2.html:

"New in AirSnort 0.2.1:

It should be possible to use ANY card that passes monitor mode packets up
via the PF_PACKET interface. For wlan-ng and patched Orinoco drivers
airsnort will do automatic placement into monitor mode and channel scan at a
0.2 second interval. For other cards, like Cisco, you will need to manually
place the card in monitor mode before airsnort will see any packets. Orinoco
users MUST use the *-packet-* Orinoco driver patch available at
http://airsnort.shmoo.com/orinocoinfo.html"

Let's see - either the program or the user has to enter a special command:

iwpriv eth0 monitor <m> <c>
   m - one of the following
      0 - disable monitor mode
      1 - enable monitor mode with Prism2 header info prepended
          to packet (ARPHRD_IEEE80211_PRISM)
      2 - enable monitor mode with no Prism2 info (ARPHRD_IEEE80211)
   c - channel to monitor

Then it uses a different interface, PF_PACKET?

There are a lot of other issues, see
http://airsnort.shmoo.com/orinocoinfo.html






-----Original Message-----
From: ntop-admin@unipi.it [mailto:ntop-admin@unipi.it]On Behalf Of
Michael Baird
Sent: Thursday, May 30, 2002 7:56 AM
To: ntop@Unipi.IT
Subject: Re: [Ntop] 802.11a & 802.11b support?


Yes, this works fine with any prismII based card on linux, ntop sees the
wireless card as just another network device.

Regards
MIKE

On Thu, 2002-05-30 at 08:25, Luca Deri wrote:
> Dave,
> I can monitor my traffic with ntop + iBook/Airport. Essentially this is
> an Ethernet-like interface. What would you like to do about ntop
> wireless support?
>
>
> Cheers, Luca
>
> Dave Hecht wrote:
> >
> > First of all let me apologize in advance for whatever Internet norm I am
> > breaking in this message, not reading enough FAQ's, wrong list, wrong
> > mailer......whatever.....
> >
> > Is there at present any plan or interest in supporting the decode of 802.11a
> > & b (eventually g) in ntop?  If there is interest but not yet any plan I am
> > willing to write a specification and project plan for approval and begin
> > coding.  Any interest?
> >
> > Dave
> >
> > _______________________________________________
> > Ntop mailing list
> > Ntop@unipi.it
> > http://listgateway.unipi.it/mailman/listinfo/ntop
>
> --
> Luca Deri                     NETikos S.p.A.
> Via Matteucci 34/B	      56124 Pisa, Italy.
> Ph. +39/050/968.639           Fax. +39/050/968.626
> Personal: luca@lucaderi.org   Business: luca.deri@netikos.com
> WWW: http://www.lucaderi.org/ ICQ: 68183632
> Hacker: someone who loves to program and enjoys being
> clever about it - Richard Stallman
> _______________________________________________
> Ntop mailing list
> Ntop@unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>


_______________________________________________
Ntop mailing list
Ntop@unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
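
The header-length question raised in item 1 of the message above, as an added example (not code from ntop, AirSnort or anyone in the thread): given the interface link type, it returns the offset at which the Ethernet-style payload begins, or a reason the frame has none. The name `l3_offset`, the `SKIP_*` codes and the 144-byte Prism2 header length (from the wlan-ng header layout, not from the thread) are assumptions; the sample frame is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Values from Linux <linux/if_arp.h>, redefined so the block builds anywhere. */
enum { LT_ETHER = 1, LT_IEEE80211 = 801, LT_IEEE80211_PRISM = 802 };
enum { SKIP_NOT_DATA = -1, SKIP_PROTECTED = -2, SKIP_TRUNCATED = -3,
       SKIP_NOT_SNAP = -4, SKIP_UNKNOWN = -5 };
#define PRISM_HDR_LEN 144u  /* assumption: fixed-size wlan-ng Prism2 header */

/* Hypothetical helper (not an ntop function): returns the offset of the
 * network-layer payload and stores its EtherType, or a negative SKIP_* code. */
int l3_offset(int linktype, const uint8_t *p, size_t len, uint16_t *ethertype)
{
    static const uint8_t snap[6] = { 0xAA, 0xAA, 0x03, 0x00, 0x00, 0x00 };
    size_t off = 0, hdr = 24;               /* 24 = 3-address 802.11 header */

    if (linktype == LT_ETHER) {             /* managed mode: plain Ethernet */
        if (len < 14) return SKIP_TRUNCATED;
        *ethertype = (uint16_t)(p[12] << 8 | p[13]);
        return 14;
    }
    if (linktype == LT_IEEE80211_PRISM) off = PRISM_HDR_LEN;
    else if (linktype != LT_IEEE80211) return SKIP_UNKNOWN;
    if (len < off + 2) return SKIP_TRUNCATED;

    uint8_t fc0 = p[off], fc1 = p[off + 1]; /* 802.11 frame control field */
    if (((fc0 >> 2) & 3) != 2 || (fc0 & 0x40))
        return SKIP_NOT_DATA;               /* mgmt/control or null-data subtype */
    if (fc1 & 0x40) return SKIP_PROTECTED;  /* WEP bit: body is ciphertext */
    if ((fc1 & 3) == 3) hdr += 6;           /* ToDS+FromDS: fourth address */
    if (fc0 & 0x80) hdr += 2;               /* QoS subtype: QoS control field */
    if (len < off + hdr + 8) return SKIP_TRUNCATED;
    if (memcmp(p + off + hdr, snap, 6) != 0) return SKIP_NOT_SNAP;
    *ethertype = (uint16_t)(p[off + hdr + 6] << 8 | p[off + hdr + 7]);
    return (int)(off + hdr + 8);            /* past LLC/SNAP (RFC 1042) */
}

int main(void)
{
    /* Constructed sample: Prism2 header, ToDS data frame, SNAP, IPv4 type. */
    uint8_t pkt[PRISM_HDR_LEN + 24 + 8 + 20] = { 0 };
    static const uint8_t llc[8] = { 0xAA, 0xAA, 0x03, 0, 0, 0, 0x08, 0x00 };
    uint16_t et = 0;
    pkt[PRISM_HDR_LEN] = 0x08;              /* version 0, type data, subtype 0 */
    pkt[PRISM_HDR_LEN + 1] = 0x01;          /* ToDS */
    memcpy(pkt + PRISM_HDR_LEN + 24, llc, 8);
    printf("payload at %d, ", l3_offset(LT_IEEE80211_PRISM, pkt, sizeof pkt, &et));
    printf("EtherType 0x%04x\n", et);
    return 0;
}
```

Management and control frames, and WEP-protected data frames, come back as `SKIP_*` codes, so a caller can count them without handing ciphertext or beacons to an IP decoder.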

